官术网_书友最值得收藏!

  • Learn Kubernetes Security
  • Kaizhe Huang Pranjal Jumde Loris Degioanni
  • 563字
  • 2021-06-18 18:32:35

Component interactions

Kubernetes components work collaboratively to ensure the microservices running inside the cluster are functioning as expected. If you deploy a microservice as a DaemonSet, then the Kubernetes components will make sure there will be one pod running the microservice in every node, no more, no less. So what happens behind the scenes? Let's look at a diagram to show the components' interaction at a high level:

Figure 3.1 – Interactions between Kubernetes components

A quick recap on what these components do:

  • kube-apiserver: The Kubernetes API server (kube-apiserver) is a control plane component that validates and configures data for objects.
  • etcd: etcd is a high-availability key-value store used to store data such as configuration, state, and metadata.
  • kube-scheduler: kube-scheduler is a default scheduler for Kubernetes. It watches for newly created pods and assigns the pods to nodes.
  • kube-controller-manager: The Kubernetes controller manager is a combination of the core controllers that watch for state updates and make changes to the cluster accordingly.
  • cloud-controller-manager: The cloud controller manager runs controllers to interact with the underlying cloud providers.
  • kubelet: kubelet registers the node with the API server and monitors the pods created using Podspecs to ensure that the pods and containers are healthy.

It is worth noting that only kube-apiserver communicates with etcd. Other Kubernetes components such as kube-scheduler, kube-controller-manager, and cloud-controller manager interact with kube-apiserver running in the master nodes in order to fulfill their responsibilities. On the worker nodes, both kubelet and kube-proxy communicate with kube-apiserver.

Let's use a DaemonSet creation as an example to show how these components talk to each other:

Figure 3.2 – Creating a DaemonSet in Kubernetes

To create a DaemonSet, we use the following steps:

  1. The user sends a request to kube-apiserver to create a DaemonSet workload via HTTPS.
  2. After authentication, authorization, and object validation, kube-apiserver creates the workload object information for the DaemonSet in the etcd database. Neither data in transit nor at rest is encrypted by default in etcd.
  3. The DaemonSet controller watches that a new DaemonSet object is created, and then sends a pod creation request to kube-apiserver. Note that the DaemonSet basically means the microservice will run inside a pod in every node.
  4. kube-apiserver repeats the actions in step 2 and creates the workload object information for pods in the etcd database.
  5. kube-scheduler watches as a new pod is created, then decides which node to run the pod on based on the node selection criteria. After that, kube-scheduler sends a request to kube-apiserver for which node the pod will be running on.
  6. kube-apiserver receives the request from kube-scheduler and then updates etcd with the pod's node assignment information.
  7. The kubelet running on the worker node watches the new pod that is assigned to this node, then sends request to the Container Runtime Interface (CRI) components, such as Docker, to start a container. After that, the kubelet will send the pod's status back to kube-apiserver.
  8. kube-apiserver receives the pod's status information from the kubelet on the target node, then updates the etcd database with the pod status.
  9. Once the pods (from the DaemonSet) are created, the pods are able to communicate with other Kubernetes components and the microservice should be up and running.

Note that not all communication between components is secure by default. It depends on the configuration of those components. We will cover this in more detail in Chapter 6, Securing Cluster Components.

主站蜘蛛池模板: 太康县| 安新县| 五指山市| 内黄县| 贡嘎县| 司法| 沂水县| 谢通门县| 西贡区| 如东县| 雅安市| 揭西县| 玉林市| 永德县| 延川县| 陵川县| 沧州市| 彰化县| 桐柏县| 松原市| 西吉县| 镇远县| 孝感市| 舞阳县| 望都县| 黄冈市| 宽城| 公主岭市| 新闻| 阆中市| 安图县| 即墨市| 会泽县| 沅江市| 尚义县| 黑山县| 东兰县| 正定县| 武邑县| 博野县| 桃园市|